diff mbox series

drm/i915: Fix a possible use of uninitialized variable in remap_io_sg()

Message ID 20210513232841.147989-1-jose.souza@intel.com (mailing list archive)
State New, archived
Headers show
Series drm/i915: Fix a possible use of uninitialized variable in remap_io_sg() | expand

Commit Message

José Roberto de Souza May 13, 2021, 11:28 p.m. UTC
If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first
iteration, err is uninitialized causing a wrong call to zap_vma_ptes().

Fixes: b12d691ea5e0 ("i915: fix remap_io_sg to verify the pgprot")
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Ausmus <james.ausmus@intel.com>
Signed-off-by: José Roberto de Souza <jose.souza@intel.com>
---
 drivers/gpu/drm/i915/i915_mm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Christoph Hellwig May 14, 2021, 5:49 a.m. UTC | #1
On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote:
> If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first
> iteration, err is uninitialized causing a wrong call to zap_vma_ptes().

But scatterlist must have at least one valid segment.  So while the
patch looks ok, please clearly mark that this is a false positive from
the static checker in the commit log.
José Roberto de Souza May 15, 2021, 12:23 a.m. UTC | #2
On Fri, 2021-05-14 at 07:49 +0200, Christoph Hellwig wrote:
> On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote:
> > If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first
> > iteration, err is uninitialized causing a wrong call to zap_vma_ptes().
> 
> But scatterlist must have at least one valid segment.  So while the
> patch looks ok, please clearly mark that this is a false positive from
> the static checker in the commit log.

No static checker mentioned but yes it was caught by one.
Anyways better have this change and avoid possible reports from other static analyzers.

Can I add your Reviewed-by?

thanks
Christoph Hellwig May 17, 2021, 12:24 p.m. UTC | #3
On Sat, May 15, 2021 at 12:23:04AM +0000, Souza, Jose wrote:
> On Fri, 2021-05-14 at 07:49 +0200, Christoph Hellwig wrote:
> > On Thu, May 13, 2021 at 04:28:41PM -0700, José Roberto de Souza wrote:
> > > If the do while loop breaks in 'if (!sg_dma_len(sgl))' in the first
> > > iteration, err is uninitialized causing a wrong call to zap_vma_ptes().
> > 
> > But scatterlist must have at least one valid segment.  So while the
> > patch looks ok, please clearly mark that this is a false positive from
> > the static checker in the commit log.
> 
> No static checker mentioned but yes it was caught by one.
> Anyways better have this change and avoid possible reports from other static analyzers.

Please also add the information I provided above to put this into
context.

> 
> Can I add your Reviewed-by?

With that:

Reviewed-by: Christoph Hellwig <hch@lst.de>
diff mbox series

Patch

diff --git a/drivers/gpu/drm/i915/i915_mm.c b/drivers/gpu/drm/i915/i915_mm.c
index 4c8cd08c672d..25576fa73ff0 100644
--- a/drivers/gpu/drm/i915/i915_mm.c
+++ b/drivers/gpu/drm/i915/i915_mm.c
@@ -47,7 +47,7 @@  int remap_io_sg(struct vm_area_struct *vma,
 		struct scatterlist *sgl, resource_size_t iobase)
 {
 	unsigned long pfn, len, remapped = 0;
-	int err;
+	int err = 0;
 
 	/* We rely on prevalidation of the io-mapping to skip track_pfn(). */
 	GEM_BUG_ON((vma->vm_flags & EXPECTED_FLAGS) != EXPECTED_FLAGS);